Anthropic to brief Financial Stability Board on Mythos cyber risks

TL;DR:

  • Anthropic will brief the Financial Stability Board on cyber vulnerabilities in the global financial system exposed by its Mythos AI model, the Financial Times reported on Monday.
  • The briefing was requested by Bank of England Governor Andrew Bailey, who chairs the FSB and last month warned Mythos could “crack the whole cyber risk world open.”
  • The briefing escalates a UK-led narrative on frontier AI as a financial-stability issue, days after the BoE, FCA and HM Treasury issued a joint statement to UK regulated firms.

The UK-driven escalation of frontier AI as a financial-stability concern has reached the top table of global financial regulation. Reuters confirmed on Monday morning that, per FT reporting, Anthropic will brief the Financial Stability Board on cyber vulnerabilities identified by its Mythos AI model — at the direct request of BoE Governor Andrew Bailey, who chairs the FSB and is responsible for coordinating financial rules across G20 economies.

Why the FSB briefing matters

Mythos is Anthropic’s cybersecurity model, announced last month and not yet released, designed to detect decades-old vulnerabilities in web browsers, infrastructure and software. The cybersecurity community’s reaction has been split between recognition of the defensive upside and serious concern that the same capability could supercharge sophisticated cyberattacks — particularly against banks whose legacy systems are the most exposed.

Bailey crystallised the concern in April at Columbia University: “You wake up to find that Anthropic may have found a way to crack the whole cyber risk world open.” His specific worry, he said, was the extent to which this new model would be able to “identify vulnerabilities in other systems which can be exploited for cyber attack purposes.” Routing that concern through the FSB, rather than national regulators alone, frames Mythos as a systemic — not just operational — risk.

Stacks with this week’s UK regulator action

The briefing arrives the same week the Bank of England, FCA and HM Treasury issued a joint statement to UK regulated firms warning that frontier AI “cyber capabilities of current frontier AI models are already exceeding what a skilled practitioner could achieve” and instructing firms to act across governance, vulnerability management, third-party risk, protection and recovery. Read together, the UK move is now a layered one: domestic regulators have set the operational expectations, while the BoE has used its FSB chair to internationalise the same conversation with the lab whose model triggered it.

Reuters has not independently verified the FT report, and Anthropic and the FSB had not responded to requests for comment by Monday morning. Separately, Japan’s megabanks are reportedly set to gain access to Mythos in the coming weeks, and the model is already being deployed across US banks rushing to plug cyber gaps.

Looking forward

The shape of the FSB briefing will matter more than the headline. If Anthropic provides specific vulnerability classes, exploitation timelines and mitigation guidance, the FSB conversation can translate into actionable supervisory framing. If the briefing stays at the abstraction layer of “frontier AI is dangerous,” it will reinforce the political momentum without giving regulators the technical purchase they need. UK firms in particular should watch whether the FSB output is published — and whether it lands in time to shape the next round of operational-resilience supervisory questions from the PRA and FCA.